Latest CVE Feed
-
4.8
MEDIUMCVE-2025-9823
SummaryA Cross-Site Scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization o... Read more
Affected Products : mautic- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-58603
Missing Authorization vulnerability in Surfer Surfer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Surfer: from n/a through 1.6.4.574.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-58601
Missing Authorization vulnerability in RadiusTheme Classified Listing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Classified Listing: from n/a through 5.0.6.... Read more
Affected Products : classified_listing- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
4.4
MEDIUMCVE-2025-58615
Server-Side Request Forgery (SSRF) vulnerability in gfazioli WP Bannerize Pro allows Server Side Request Forgery. This issue affects WP Bannerize Pro: from n/a through 1.10.0.... Read more
Affected Products : wp_bannerize_pro- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Server-Side Request Forgery
-
5.3
MEDIUMCVE-2025-20335
A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerabi... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-58632
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dadevarzan Dadevarzan WordPress Common allows Stored XSS. This issue affects Dadevarzan WordPress Common: from n/a through 2.2.2.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-9931
A vulnerability was detected in Jinher OA 1.0. Affected is an unknown function of the file /jc6/platform/sys/login!changePassWord.action of the component POST Request Handler. The manipulation of the argument Account results in cross site scripting. The a... Read more
Affected Products : jinher_oa- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-58600
Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Member Subscriptions: from n/a through 2.15.9.... Read more
Affected Products : paid_membership_subscriptions- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-58617
Missing Authorization vulnerability in FAKTOR VIER F4 Media Taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects F4 Media Taxonomies: from n/a through 1.1.4.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization